The Seven Most Common Internet Security Mistakes

A reader says: 'I have anti-virus protection but somehow I got a virus anyway. How did this happen?' That's hard to say without knowing more, but chances are, this person made one of the seven Internet security mistakes on my list. Any one of them can lead to malware infection or even identity theft. Are YOU vulnerable? See the list now...

Are You Making Any of These Computer Security Blunders?

You may think that your Internet connection is secure because you have anti-virus software installed. But unfortunately, online security is not a set-and-forget thing; you need to be vigilant constantly and keep your protections up to date with the latest threats. Here are some of the most common Internet security mistakes that people make.

MISTAKE #1: Weak passwords leave your computer, router, and online accounts vulnerable to “dictionary attacks,” automated password-retry programs that run through lists of well-known common passwords until one works. Sure, a short, obvious password is easy to remember, but it doesn’t protect you well at all. Amazingly, one of the most commonly used passwords is “password”; hackers probably get a kick out of that!

A strong password should be at least 12 characters long; as random as possible; and a mixture of alphabetic, numeric, and upper/lower case letters. Change your passwords every few months, and never use one that is part of your public identity, i.e., your name, birth date, home street, etc. Here are some additional tips on choosing a strong password:

MISTAKE #2: Clicking on links in emails to access online accounts is convenient but dangerous. A phony "phishing" email that looks like it’s from your bank may contain a link to a site that looks like your online banking login page. When you enter your username and password, you’re really handing them over to hackers. Instead of clicking on email links, open the desired destination in your Web browser and log in the “hard” way. It’s a small extra step that can save you from identity theft. Read these related articles to learn more about phishing:

MISTAKE #3: Failing to keep software up to date is another common mistake. Most of the Windows updates issued by Microsoft are security patches that address real, urgent issues. They are not called “critical updates” for nothing. Application programs should also be kept up to date. Check for updates to your router’s firmware at least twice a year. Many programs come with automatic update utilities; it’s a good idea to leave them enabled so that you at least get notifications when updates are available. Here's some additional information about keeping all your software up to snuff:

MISTAKE #4: Downloading free software from an unknown source, especially one that “comes to you” via email or a pop-up ad, is often perilous. Unsolicited freebies may actually be malware in disguise. You don’t really need a “free virus scan” if you already have antivirus software; just run a program that you can trust. See the link below for tips on identifying rogue software and malicious links.

MISTAKE #5: Not using two-factor authentication. Yes, it sounds geeky, but using this technique can protect your online accounts even if someone steals or guesses your password! It takes just a minute of effort to add this extra layer of security to your logins. Follow this link to learn how to implement two-factor authentication:

MISTAKE #6: Leaving your wifi wide open. Most high-speed Internet providers supply you with a router that enables wifi connections in your home. But if it's not set up correctly, wireless Internet can leave you open to hackers and unauthorized moochers of your Internet service. And that could lead to identity theft, or even legal trouble for you. Check out my tips on locking down your wifi.

MISTAKE #7: Putting out too much personal information on social networks, blogs, and other online forums is all too common. It’s often easy for someone to track down the home address and schedule of those who “over share.” Avoid posting your email address, phone number, home address, vacation plans, and other personal info on Facebook, Twitter, etc. Also, never share your social security number casually or in a public forum. Failure in this area could lead burglars to your door, or give identity thieves an opening to exploit.

But Wait... There's More!

Paying attention to these common online security mistakes will go a long way toward protecting you online. But these are just SOME of the things you need to do. In my ebook Everything You Need to Know About INTERNET SECURITY and PRIVACY, I lay out all the online threats you should know about, in a way that's easy to understand. In each of the 60+ chapters, you'll find practical ideas to boost your security and protect your privacy -- with a focus on FREE do-it-yourself solutions. Check it out with the link above.

What are some other Internet security mistakes people should avoid? Post your comment or question below...

Most recent comments on "The Seven Most Common Internet Security Mistakes"

Posted by:
David Guillaume
10 Jan 2014

I have just read through your article on internet security and it's all jolly good advice. However, if you want to keep your computer really safe, set up an old computer just to accept emails only, and then if you want to save a message, save it to a memory stick and do not download it to your main computer. I have my internet set up on an old computer with a link to my hard wired printer just in case I need to print an emailed message, which is not very often.

Posted by:
Nigel
10 Jan 2014

Rob, two questions about passwords.
1. If I have a "secure" password, what is the rationale for changing it every few months? That is a common recommendation, but the logic escapes me.

2. Why don't all services that request passwords simply lock out an account for an hour after 5 wrong guesses? At that rate it would take over 500 years just to try every 4-character password.

EDITOR'S NOTE: As for #1, even a secure password can be compromised, quite easily by someone with physical access to your computer. How long do you want the bad guys to have your password? For #2, if I could pass a law, that one would make sense.
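
The lockout rule asked about in the comment above (five wrong guesses, then a one-hour lock), as an added example that is not part of the original article or its comments. The names `LoginThrottle` and `years_to_exhaust` and the alphabet sizes are assumptions chosen for illustration; the estimate depends on which character set is assumed.

```python
import time


class LoginThrottle:
    """Lock an account for lock_seconds after max_failures consecutive wrong guesses."""

    def __init__(self, max_failures=5, lock_seconds=3600, clock=time.monotonic):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock            # injectable so the policy can be tested offline
        self._failures = {}           # account -> consecutive failed attempts
        self._locked_until = {}       # account -> clock value at which the lock expires

    def is_locked(self, account):
        return self.clock() < self._locked_until.get(account, float("-inf"))

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(account):
            return "locked"           # rejected even if the password is correct
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            self._locked_until[account] = self.clock() + self.lock_seconds
            count = 0                 # fresh budget once the lock expires
        self._failures[account] = count
        return "denied"


def years_to_exhaust(alphabet_size, length, guesses_per_hour=5):
    """Worst-case years to try every password of this length at the throttled rate."""
    return alphabet_size ** length / guesses_per_hour / (24 * 365)


if __name__ == "__main__":
    # Constructed alphabets: lowercase only, letters plus digits, printable ASCII.
    for size in (26, 62, 95):
        print(size, "symbols, 4 characters:", round(years_to_exhaust(size, 4), 1), "years")
```

Lockout limits online guessing only; it does nothing against offline cracking of a stolen password database. Anyone who knows a username can also use it to lock the real owner out.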

Posted by:
Ihor Prociuk
11 Jan 2014

I'm surprised that sites that require authentication (username/password), would permit unlimited attempts until the credentials are "guessed" via dictionary attacks (mistake #1). At the very least, they should permit a limited number of attempts (3-5) followed by a time-delay (15-30 minutes) before you can try again. Unfortunately, this would encourage the use of the same (simple) username/password for all sites. Not good.

Many sites use your email address as a username and will only allow a password reset by emailing you. In this situation, someone would actually have to be able to login to your email. This makes your email password the weakest link in the chain.

Long passwords are not necessarily good protection either. See the Wired Magazine article:
"Kill the Password: Why a String of Characters Can’t Protect Us Anymore" (Nov. 15/2012)
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/

In instances where corporate computers are hacked: do they all use the same password encryption technique? If they do, that would certainly make it easier for hackers. If they're storing passwords as plain-text -- yikes!

Online accounts - absolutely. But others? We usually have personal computers in mind, right? It's not a public computer. So what's the problem with having a weak password, or even no password, for that? Just don't allow any public access to your computer, that's it. If you mean remote access, don't allow any remote access. Only if you need it for some reason - then yes, there should be a good password. Router? Kidding? By default, any access to the router's settings is prohibited except from internal computers that connect to the router by wire. Just don't open it.

"MISTAKE #6: Leaving your wifi wide open"

Even if you have a password for that and use the WPA protocol, there is a technical possibility of hacking it. It's not easy, but it's possible. So the best case is to use MAC filtering - add all your devices' MAC addresses to the router's MAC table and only they will be able to connect to your wifi. Of course, if somebody knows your MACs...

But don't be too concerned about your Internet security - bad guys (and good guys from NSA) are smart and professional enough to break your security, so don't attract their attention. This is the best strategy, since any hacking costs some money and your precious information shouldn't be more valuable than the hacking expenses. Just business, nothing personal. So, keep yourself off the radar. Where is a leaf best hidden? In a forest. Be like a leaf among other leaves. By the way, the best way to do so is to avoid "MISTAKE #7: Putting out too much personal information".

And I fully agree with the other advice.

Posted by:
Mac 'n' Cheese
11 Jan 2014

David Guillaume's suggestion to set up an old computer just to accept e-mails will, indeed, keep your "main" computer really safe--unless you're using your main computer to access the Web for any other reason! If you are accessing the web from your main computer, then you need to follow all Bob's tips to help keep you safe.

And if you're following all Bob's tips, then you really don't need to have an old computer dedicated to e-mail.

Also note that if you're using your old computer for Web access in addition to e-mail (banking, online ordering, social sites, whatever), then it--and your identity--are just as vulnerable as if you did all that on your "main" computer.

Right, Bob?

Posted by:
Mike Cain
11 Jan 2014

As a tech, I am frequently asked the question "I have an antivirus program, how did I get a virus?" Most of these programs do a good job of protecting your PC from serious viruses; however, they rarely guard against malware or spyware, which are the most common type of infection. Programs like Malwarebytes or Superantimalware can help clean up a computer with this problem.

Posted by:
Jennifer Plowman
13 Jan 2014

Great article, Bob. Thanks for tips on how to protect accounts.

Posted by:
salim
13 Jan 2014

What is the best equivalent of Malwarebytes & PrivaZer to use on a Mac?

EDITOR'S NOTE: My Mac friends tell me that Macs are impervious to all known hazards and work perfectly all the time. So I suppose they wouldn't need such a thing.
